[PULL 0/2] riscv-to-apply queue

[PULL 0/2] riscv-to-apply queue

[Alistair Francis]

From: Alistair Francis <alistair.francis@wdc.com>

The following changes since commit d5341e09135b871199073572f53bc11ae9b44897:

  Merge tag 'pull-tcg-20220331' of https://gitlab.com/rth7680/qemu into staging (2022-03-31 18:36:08 +0100)

are available in the Git repository at:

  git@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20220401

for you to fetch changes up to 8ff8ac63298611c8373b294ec936475b1a33f63f:

  target/riscv: rvv: Add missing early exit condition for whole register load/store (2022-04-01 08:40:55 +1000)

----------------------------------------------------------------
Sixth RISC-V PR for QEMU 7.0

This is a last minute RISC-V PR for 7.0.

It includes a fix to avoid leaking no translation TLB entries. This
incorrectly cached uncachable baremetal entries. This would break Linux
boot while single stepping. As the fix is pretty straight forward (flush
the cache more often) it's being pulled in for 7.0.

At the same time I have included a RISC-V vector extension fixup patch.

----------------------------------------------------------------
Palmer Dabbelt (1):
      target/riscv: Avoid leaking "no translation" TLB entries

Yueh-Ting (eop) Chen (1):
      target/riscv: rvv: Add missing early exit condition for whole register load/store

 target/riscv/csr.c                      | 14 ++++++++------
 target/riscv/insn_trans/trans_rvv.c.inc |  5 +++++
 2 files changed, 13 insertions(+), 6 deletions(-)

[PULL 1/2] target/riscv: Avoid leaking "no translation" TLB entries

[Alistair Francis]

From: Palmer Dabbelt <palmer@rivosinc.com>

The ISA doesn't allow bare mappings to be cached, as the caches are
translations and bare mppings are not translated.  We cache these
translations in QEMU in order to utilize the TLB code, but that leaks
out to the guest.

Suggested-by: phantom@zju.edu.cn # no name in the From field
Fixes: 1e0d985fa9 ("target/riscv: Only flush TLB if SATP.ASID changes")
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220330165913.8836-1-palmer@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
 target/riscv/csr.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 0606cd0ea8..341c2e6f23 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1844,7 +1844,7 @@ static RISCVException read_satp(CPURISCVState *env, int csrno,
 static RISCVException write_satp(CPURISCVState *env, int csrno,
                                  target_ulong val)
 {
-    target_ulong vm, mask, asid;
+    target_ulong vm, mask;
 
     if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
         return RISCV_EXCP_NONE;
@@ -1853,20 +1853,22 @@ static RISCVException write_satp(CPURISCVState *env, int csrno,
     if (riscv_cpu_mxl(env) == MXL_RV32) {
         vm = validate_vm(env, get_field(val, SATP32_MODE));
         mask = (val ^ env->satp) & (SATP32_MODE | SATP32_ASID | SATP32_PPN);
-        asid = (val ^ env->satp) & SATP32_ASID;
     } else {
         vm = validate_vm(env, get_field(val, SATP64_MODE));
         mask = (val ^ env->satp) & (SATP64_MODE | SATP64_ASID | SATP64_PPN);
-        asid = (val ^ env->satp) & SATP64_ASID;
     }
 
     if (vm && mask) {
         if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) {
             return RISCV_EXCP_ILLEGAL_INST;
         } else {
-            if (asid) {
-                tlb_flush(env_cpu(env));
-            }
+            /*
+             * The ISA defines SATP.MODE=Bare as "no translation", but we still
+             * pass these through QEMU's TLB emulation as it improves
+             * performance.  Flushing the TLB on SATP writes with paging
+             * enabled avoids leaking those invalid cached mappings.
+             */
+            tlb_flush(env_cpu(env));
             env->satp = val;
         }
     }
-- 
2.35.1

[PULL 2/2] target/riscv: rvv: Add missing early exit condition for whole register load/store

[Alistair Francis]

From: "Yueh-Ting (eop) Chen" <eop.chen@sifive.com>

According to v-spec (section 7.9):
The instructions operate with an effective vector length, evl=NFIELDS*VLEN/EEW,
regardless of current settings in vtype and vl. The usual property that no
elements are written if vstart ≥ vl does not apply to these instructions.
Instead, no elements are written if vstart ≥ evl.

Signed-off-by: eop Chen <eop.chen@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <164762720573.18409.3931931227997483525-0@git.sr.ht>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
 target/riscv/insn_trans/trans_rvv.c.inc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc
index 275fded6e4..4ea7e41e1a 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -1121,6 +1121,10 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, uint32_t nf,
                              gen_helper_ldst_whole *fn, DisasContext *s,
                              bool is_store)
 {
+    uint32_t evl = (s->cfg_ptr->vlen / 8) * nf / (1 << s->sew);
+    TCGLabel *over = gen_new_label();
+    tcg_gen_brcondi_tl(TCG_COND_GEU, cpu_vstart, evl, over);
+
     TCGv_ptr dest;
     TCGv base;
     TCGv_i32 desc;
@@ -1140,6 +1144,7 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, uint32_t nf,
     if (!is_store) {
         mark_vs_dirty(s);
     }
+    gen_set_label(over);
 
     return true;
 }
-- 
2.35.1

Re: [PULL 0/2] riscv-to-apply queue

[Peter Maydell]

On Fri, 1 Apr 2022 at 00:50, Alistair Francis
<alistair.francis@opensource.wdc.com> wrote:
>
> From: Alistair Francis <alistair.francis@wdc.com>
>
> The following changes since commit d5341e09135b871199073572f53bc11ae9b44897:
>
>   Merge tag 'pull-tcg-20220331' of https://gitlab.com/rth7680/qemu into staging (2022-03-31 18:36:08 +0100)
>
> are available in the Git repository at:
>
>   git@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20220401
>
> for you to fetch changes up to 8ff8ac63298611c8373b294ec936475b1a33f63f:
>
>   target/riscv: rvv: Add missing early exit condition for whole register load/store (2022-04-01 08:40:55 +1000)
>
> ----------------------------------------------------------------
> Sixth RISC-V PR for QEMU 7.0
>
> This is a last minute RISC-V PR for 7.0.
>
> It includes a fix to avoid leaking no translation TLB entries. This
> incorrectly cached uncachable baremetal entries. This would break Linux
> boot while single stepping. As the fix is pretty straight forward (flush
> the cache more often) it's being pulled in for 7.0.
>
> At the same time I have included a RISC-V vector extension fixup patch.
>
> ----------------------------------------------------------------


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM